<?php

class Login implements Action {

    private $username;
    private $password;

    public function setParams($param = null) {
        $this->username = $_POST['username'];
        $this->password = $_POST['password'];
    }

    public function validate($response) {
        if ($this->username == "") {
            $response->addError("Username missing!");
        }
        if ($this->password == "") {
            $response->addError("Password missing!");
        }
    }

    public function execute($response) {
        $con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die(mysql_error());
        mysql_select_db(DB_NAME, $con) or die(mysql_error());
        $sql = "SELECT * FROM management_login WHERE username='$this->username' and password='$this->password'";
        $result = mysql_fetch_array((mysql_query($sql, $con)));
        if ($result) {
            $_SESSION['login'] = true;
            $_SESSION['username'] = $result['username'];
            $_SESSION['admin'] = $result['permission'];
            $response->set('username', $result['username']);
        } else {
            $response->addError("Invalid username or password");
        }
    }

    public function getContentType() {
        return JSON;
    }

    public function getHTTPMethod() {
        return POST;
    }

}

?>
